Skip to content

Commit 945e9fa

Browse files
EmyrkEmyrk
committed
Fix broken tests
1 parent 970e345 commit 945e9fa

File tree

4 files changed

+17
-15
lines changed

4 files changed

+17
-15
lines changed

coderd/coderd.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -135,8 +135,8 @@ func New(options *Options) (http.Handler, func()) {
135135
// Should files be org scoped? User scoped?
136136
httpmw.WithRBACObject(rbac.ResourceFile),
137137
)
138-
r.Get("/{hash}", authorize(api.fileByHash, rbac.ActionRead))
139-
r.Post("/", authorize(api.postFile, rbac.ActionCreate, rbac.ActionUpdate))
138+
r.Get("/{hash}", api.fileByHash)
139+
r.Post("/", api.postFile)
140140
})
141141
r.Route("/organizations/{organization}", func(r chi.Router) {
142142
r.Use(

coderd/coderd_test.go

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,11 +2,12 @@ package coderd_test
22

33
import (
44
"context"
5-
"fmt"
65
"net/http"
76
"strings"
87
"testing"
98

9+
"golang.org/x/xerrors"
10+
1011
"github.com/go-chi/chi/v5"
1112
"github.com/stretchr/testify/assert"
1213
"github.com/stretchr/testify/require"
@@ -43,7 +44,7 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
4344
require.NoError(t, err, "fetch org")
4445

4546
// Always fail auth from this point forward
46-
authorizer.AlwaysReturn = rbac.ForbiddenWithInternal(fmt.Errorf("fake implementation"), nil, nil)
47+
authorizer.AlwaysReturn = rbac.ForbiddenWithInternal(xerrors.New("fake implementation"), nil, nil)
4748

4849
// skipRoutes allows skipping routes from being checked.
4950
type routeCheck struct {
@@ -123,13 +124,16 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
123124
"GET:/api/v2/workspaces/{workspace}/builds": {NoAuthorize: true},
124125
"POST:/api/v2/workspaces/{workspace}/builds": {NoAuthorize: true},
125126

127+
"POST:/api/v2/files": {NoAuthorize: true},
128+
"GET:/api/v2/files/{hash}": {NoAuthorize: true},
129+
126130
// These endpoints have more assertions. This is good, add more endpoints to assert if you can!
127131
"GET:/api/v2/organizations/{organization}": {AssertObject: rbac.ResourceOrganization.InOrg(admin.OrganizationID)},
128132
"GET:/api/v2/users/{user}/organizations": {StatusCode: http.StatusOK, AssertObject: rbac.ResourceOrganization},
129133
"GET:/api/v2/users/{user}/workspaces": {StatusCode: http.StatusOK, AssertObject: rbac.ResourceWorkspace},
130134
}
131135

132-
c := srv.Config.Handler.(*chi.Mux)
136+
c, _ := srv.Config.Handler.(*chi.Mux)
133137
err = chi.Walk(c, func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error {
134138
name := method + ":" + route
135139
t.Run(name, func(t *testing.T) {
@@ -188,7 +192,7 @@ type fakeAuthorizer struct {
188192
AlwaysReturn error
189193
}
190194

191-
func (f *fakeAuthorizer) AuthorizeByRoleName(ctx context.Context, subjectID string, roleNames []string, action rbac.Action, object rbac.Object) error {
195+
func (f *fakeAuthorizer) AuthorizeByRoleName(_ context.Context, subjectID string, roleNames []string, action rbac.Action, object rbac.Object) error {
192196
f.Called = &authCall{
193197
SubjectID: subjectID,
194198
Roles: roleNames,

coderd/rbac/builtin.go

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -64,11 +64,7 @@ var (
6464
return Role{
6565
Name: member,
6666
DisplayName: "Member",
67-
Site: permissions(map[Object][]Action{
68-
// All users can read all organizations.
69-
// TODO: @emyrk is this ok?
70-
ResourceOrganization: {ActionRead},
71-
}),
67+
Site: permissions(map[Object][]Action{}),
7268
User: permissions(map[Object][]Action{
7369
ResourceWildcard: {WildcardSymbol},
7470
}),

coderd/users_test.go

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -401,10 +401,11 @@ func TestGrantRoles(t *testing.T) {
401401
[]string{rbac.RoleOrgMember(first.OrganizationID)},
402402
)
403403

404+
memberUser, err := member.User(ctx, codersdk.Me)
405+
require.NoError(t, err, "fetch member")
406+
404407
// Grant
405-
// TODO: @emyrk this should be 'admin.UpdateUserRoles' once proper authz
406-
// is enforced.
407-
_, err = member.UpdateUserRoles(ctx, codersdk.Me, codersdk.UpdateRoles{
408+
_, err = admin.UpdateUserRoles(ctx, memberUser.ID, codersdk.UpdateRoles{
408409
Roles: []string{
409410
// Promote to site admin
410411
rbac.RoleMember(),
@@ -588,12 +589,13 @@ func TestOrganizationByUserAndName(t *testing.T) {
588589
t.Parallel()
589590
client := coderdtest.New(t, nil)
590591
first := coderdtest.CreateFirstUser(t, client)
592+
notMember := coderdtest.CreateAnotherUser(t, client, first.OrganizationID)
591593
other := coderdtest.CreateAnotherUser(t, client, first.OrganizationID)
592594
org, err := other.CreateOrganization(context.Background(), codersdk.Me, codersdk.CreateOrganizationRequest{
593595
Name: "another",
594596
})
595597
require.NoError(t, err)
596-
_, err = client.OrganizationByName(context.Background(), codersdk.Me, org.Name)
598+
_, err = notMember.OrganizationByName(context.Background(), codersdk.Me, org.Name)
597599
var apiErr *codersdk.Error
598600
require.ErrorAs(t, err, &apiErr)
599601
require.Equal(t, http.StatusUnauthorized, apiErr.StatusCode())

0 commit comments

Comments
 (0)